package com.liang.lesson2;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class SqlZhuru {
    public static void main(String[] args) {
        //login("zhangsan","123456");正常登录
        login(" 'or' 2=2"," 'or' 1=1");//sql连接

    }
    //登录业务
    public static void login (String username,String password){
        Connection conn = null;
        Statement st = null;
        ResultSet rs = null;
        try {
            conn = JdbcUntils.getConnection();
            st = conn.createStatement();

            //SELECT * FROM users WHERE `NAME` = 'zhangsan' AND `PASSWORD` = '123456'
            //SELECT * FROM users WHERE `NAME` = ''or' 2=2' AND `PASSWORD` = '123456'
            String sql = "select * from users where `NAME` ='"+ username +"'AND `PASSWORD`='"+ password +"'";
            rs = st.executeQuery(sql);

            while(rs.next()){
                System.out.println(rs.getString("NAME"));
                System.out.println(rs.getString("PASSWORD"));
                System.out.println("========");
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }finally {
            JdbcUntils.release(conn,st,rs);
        }
    }
}
